Skip to main content
Tag

case study

Customer Success Story: Eliminating Vulnerabilities and Reducing Risk with Syxsense

By Endpoint Security

Challenge

The IT Operations team at EECO supports the enterprise infrastructure of 12 locations across the southeastern US staffed with 300 employees. Up until 2021, the company outsourced management of its networking, server maintenance, and endpoint management to managed service providers (MSPs). However, with consolidation across the MSP market, EECO ultimately chose to bring this management in-house to improve visibility and business operations.

After years of inconsistent service with other services and solutions, while facing increasingly urgent security threats, EECO sought a single endpoint management and security solution that would enable them to improve support to their distributed employees across several states and face the challenge of remediating critical vulnerabilities such as Follina.

Solution

EECO used Syxsense to manage hundreds of endpoints: delivering patches and Feature Updates without having to rely on end users. In 2021, after facing multiple critical vulnerabilities from PrintNightmare to Follina, EECO turned to Syxsense to improve their endpoint security. EECO upgraded to Syxsense Enterprise to leverage its unique Cortex automation and pre-built vulnerability scripts to push configuration changes to devices over the cloud. They now use Syxsense as part of a unified management and security approach, utilizing tools such as the vulnerability scanner to verify results and findings, automated Feature Updates, and real-time device reporting to ensure the security of their endpoints.

With Syxsense Enterprise, EECO:

  • Saves critical time by reducing the mean time-to-respond (MTTR) with pre-built vulnerability scanning and remediation scripts that automate the assessment of affected devices and the application of fixes and configuration changes.
  • Accurately monitors for, detects, and remediates vulnerabilities in near real-time and provides detailed reporting for executive assurance.
  • Saves hours of driving to physical locations and reliance on end users to monitor server performance and deploy updates.
  • Can keep every endpoint up to date easily and efficiently with scheduling and reporting of patches and Windows Feature Updates.

Outcome: Eliminating Vulnerabilities and Reducing Risk with Syxsense

EECO found itself in a tight spot when CVE 2022-30190, commonly known as “Follina,” was made public.

With no patch forthcoming, EECO took advantage of the pre-built vulnerability scripts available with Syxsense Enterprise. Access to the pre-built vulnerability scripts gave EECO the ability to push out the workaround and configuration change Microsoft provided. Their Cortex automation delivered the configuration changes out to all EECO devices seamlessly.

This not only reduced the burden on the small IT operations team and end users, but drastically reduced the amount of time the company’s endpoints were at risk and eliminated the attack vector, especially given that the vulnerability that was known to have been exploited in the wild.

“The pre-built vulnerability scripts are ridiculous because obviously things cost money. But if it’s a dollar and cents kind of math, it’s not even a conversation. The amount of time that something like that saves is just invaluable.”

Furthermore, the IT operations team was able to quickly report to leadership on the status of EECO’s devices with Syxsense’s vulnerability reports. The reports provided real-time data on the health of the environment, giving EECO’s executive team a clear view of their risk and exposure and the effectiveness of the vulnerability remediation process. At the end of the day, all parties were confident the company’s infrastructure was secure.

Get the full scoop by downloading the success story.

Syxsense demo

Schedule Your Syxsense Demo

Syxsense combines IT management, patch management, and security vulnerability scanning in one powerful solution. Get started today.

Schedule My Demo

Case Study: How Organizations Can Affordably Gain Security Technology and Expertise

By Blog

Case Study: How Organizations Can Affordably Gain Security Technology and Expertise

Business Email Compromise (BEC) breaches are turning into the go-to strategy for cybercriminals. What actions should you take?

Faced with a shocking increase in security threats – a 500% increase in cybercrime in the last two years, according to one study – many organizations have responded by making a firm decision to hire experienced IT security personnel and acquire the latest and greatest security tools. But the price tag for top talent and feature-rich security suites quickly makes them reassess their needs.

Yes, they want the very best and most experienced security executives. Yes, they need to manage their endpoints, deploy patches, make their mobility options more secure, and be able to quickly spot potential vulnerabilities. But how do they afford it?

One approach that is gaining serious traction is to outsource many of these duties as possible. That can come in the form of “hiring” a virtual security executive or using a managed service provider (MSP) to take care of many IT security functions or doing both.

H2Cyber, for example, offers virtual Chief Information Security Officer (vCISO) services in addition to cybersecurity and risk management services. This cybersecurity executive management firm operates a highly skilled and experienced team of security consultants. This wealth of talent is at the disposal of anyone paying a monthly fee to gain their own vCISO. And it’s a lot more affordable than a full-time security executive. The average salary of a CISO is $273,030 in the U.S, and states such as New York and others are now requiring organizations in certain markets must assign someone to that position.

“It is merely a matter of time before a regulatory body or threat actor comes upon your business,” said Paul Horn, Founder & CEO of H2Cyber. “Regulators will be looking to make sure you have basic cybersecurity measures in place to reduce the risk of a cyberattack as well as having required safeguards in place to protect client and customer information. Threat actors, on the other hand, will look to exploit the lack of basic safeguards regardless of your company’s size.”

H2Cyber helps its clientele avoid breaches by delivering vCISO services and offering cyber-strategy advice.

“A vCISO allows the organization to navigate through the increasing number of cybersecurity regulations by building a comprehensive cybersecurity program accounting for compliance and security,” said Paul Horn, Founder & CEO of H2Cyber. “Just because an organization is compliant doesn’t mean they are secure: it is a game of risk management.”

H2Cyber’s team makes its money in C-level advice and expertise. Its focus is squarely on the strategic and executive side of security, not on the nuts and bolts of applications such as backup and patch management. Yet its customers typically want more than a vCISO to advise on strategy as well as how to streamline interaction between business and IT. They also want recommendations about the right security tools and services to deploy to take care of potential incursions and threats such as ransomware. For that side of the business, H2Cyber outsources services to other MSPs. This enables its trained resources to focus on vCISO duties and other core competencies.

“Our customers want to know what works; they don’t have time to research and evaluate the different solutions out there, so they expect us to find the best MSP services for their needs,” said Horn.

His company operates a relatively lean infrastructure consisting of cloud services via Microsoft Azure and Amazon Web Services (AWS). It augments a small data center with MSP services, leveraging white-labeled products where possible. These services include cybersecurity compliance, antivirus, and cyber security support.

Syxsense, for example, is used by H2Cyber for vulnerability scanning, and other IT security services that help its clients remediate software and OS vulnerabilities such as incorrect or misconfigured settings. Patch management services, too, are provided by Syxsense. Horn noted that there are many patch management solutions to choose from. However, many require assets to be on-premises, only patch Windows-based systems and don’t offer management of mobile devices.

“Syxsense allows you to manage not just Windows, but Linux as well as Apple,” said Horn. “The Syxsense Secure platform allows the pushing of patches automatically and provides the necessary security and vulnerability discovery within our systems.”

Syxsense demo

Schedule Your Syxsense Demo

Syxsense combines IT management, patch management, and security vulnerability scanning in one powerful solution. Get started today.

Schedule My Demo